/*
 * Copyright 1999-2018 Alibaba Group Holding Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.alibaba.csp.sentinel.dashboard.controller;

import com.alibaba.csp.sentinel.dashboard.auth.AuthService;
import com.alibaba.csp.sentinel.dashboard.auth.SimpleWebAuthServiceImpl;
import com.alibaba.csp.sentinel.dashboard.config.DashboardConfig;
import com.alibaba.csp.sentinel.dashboard.domain.Result;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;

/**
 * @author cdfive
 * @since 1.6.0
 */
@RestController
@RequestMapping("/auth")
public class AuthController {

	private static final Logger LOGGER = LoggerFactory.getLogger(AuthController.class);

	@Value("${auth.username:sentinel}")
	private String authUsername;

	@Value("${auth.password:sentinel}")
	private String authPassword;

	@Autowired
	private AuthService<HttpServletRequest> authService;

	@PostMapping("/login")
	public Result<AuthService.AuthUser> login(HttpServletRequest request, String username, String password) {
		if (StringUtils.isNotBlank(DashboardConfig.getAuthUsername())) {
			authUsername = DashboardConfig.getAuthUsername();
		}

		if (StringUtils.isNotBlank(DashboardConfig.getAuthPassword())) {
			authPassword = DashboardConfig.getAuthPassword();
		}

		/*
		 * If auth.username or auth.password is blank(set in application.properties or VM
		 * arguments), auth will pass, as the front side validate the input which can't be
		 * blank, so user can input any username or password(both are not blank) to login
		 * in that case.
		 */
		if (StringUtils.isNotBlank(authUsername) && !authUsername.equals(username)
				|| StringUtils.isNotBlank(authPassword) && !authPassword.equals(password)) {
			LOGGER.error("Login failed: Invalid username or password, username=" + username);
			return Result.ofFail(-1, "Invalid username or password");
		}

		AuthService.AuthUser authUser = new SimpleWebAuthServiceImpl.SimpleWebAuthUserImpl(username);
		request.getSession().setAttribute(SimpleWebAuthServiceImpl.WEB_SESSION_KEY, authUser);
		return Result.ofSuccess(authUser);
	}

	@PostMapping(value = "/logout")
	public Result<?> logout(HttpServletRequest request) {
		request.getSession().invalidate();
		return Result.ofSuccess(null);
	}

	@PostMapping(value = "/check")
	public Result<?> check(HttpServletRequest request) {
		AuthService.AuthUser authUser = authService.getAuthUser(request);
		if (authUser == null) {
			return Result.ofFail(-1, "Not logged in");
		}
		return Result.ofSuccess(authUser);
	}

}
